1. Field of the Invention
The present invention relates to data processing and, in particular, to patching applications in a managed computer environment. Still more particularly, the present invention provides a method, apparatus, and program for automatic patch deployment based on an assessed risk and policies in a managed computer environment.
2. Description of the Related Art
A large computer organization may employ a data center, which is a room full of servers. Each server may run several applications that provide services to customers or other applications within the organization. Often, these servers run continuously, providing services to users throughout the world around the clock. As a result, any downtime experienced by a server is potentially costly or damaging to the reputation of the organization. For example, the organization may have service level agreements with customers that may not be met due to server downtime.
In a managed computer environment, deployment of software is controlled by a managing server. When an update, also referred to as a “patch,” for an application is available, an administrator may determine whether to push the update to the managed endpoints. Managed endpoints may be any device within the managed computer environment, such as end user client devices, servers, routers, and the like. In the case of servers, a patch may disrupt the operation of the device. Therefore, the administrator must assess the risk of executing the update and deploy the patch accordingly.
Currently, deployment of a patch is a manual process in which the data center administrator views patches that have been released, reads the documentation, and determines whether the patch is applicable to the data center. However, patch deployment is not a trivial task, and the decision to install a patch, as well as when and how to install the patch, may be made with incomplete information. The administrator must exercise extreme caution when assessing the risk of a patch and scheduling deployment.